Extracted

• • Target

    b353ac82c0de547e671660603aee54f5a20b62b4023563c998851a1d89afaa53

  • Size

    1.0MB

  • MD5

    a2c40b9b8de91a80afe451666d42064f

  • SHA1

    559a03301b6f53f573671ba0b1ebaa46b8ba751f

  • SHA256

    b353ac82c0de547e671660603aee54f5a20b62b4023563c998851a1d89afaa53

  • SHA512

    0eb86f7c5a0fe16023f34378441fb7e26214b95e1eabbebefbddabd48057ef919e82b8c11731cb7e2e8a1661d35c87ce61869773c98b6f2b64554675fc577c86

  • SSDEEP

    24576:TyhRnEwhJbwqx8mDD/NaHs3yaGAKLUs0qLPE8StTJs2FE:mvh2qGsDmsiay30qLfATJr

  Score

  10^/10

  redlinemixadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1